CVE-2018-19524

CRITICAL

Shenzhen Skyworth DT741 - DoS/Remote Code Execution

Title source: llm

Description

An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7.

Exploits (1)

exploitdb WORKING POC

by Kaustubh G. Padwad · pythondosasp

https://www.exploit-db.com/exploits/46358

View Code ZIP pw:eip

References (6)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/151608/Skyworth-GPON-HomeGateways-Optical-Network-Stack-Overflow.html

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2019/Feb/30

[Various Sources] https://s3curityb3ast.github.io/KSA-Dev-001.md

[Exploit, Mailing List, Third Party Advisory] https://seclists.org/bugtraq/2019/Feb/21

[Various Sources] https://www.breakthesec.com/2019/02/cve-2018-19524-stack-overflow-in.html

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/46358/

Scores

CVSS v3 9.8

EPSS 0.3217

EPSS Percentile 96.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (3)

skyworthdigital/dt721-cb_firmware sdotbgn1

skyworthdigital/dt740_firmware sdotbgn1

skyworthdigital/dt741-cb_firmware sdotbgn1

Published Mar 21, 2019

Tracked Since Feb 18, 2026